Latest Detailed Cybersecurity News – July 21, 2025
Table of Contents
- Microsoft SharePoint Zero-Day Attacks Escalate Worldwide
- Urgent Patch Issued for SharePoint Remote Code Execution Flaw
- US Military Cloud Security Gaps Spark Pentagon Contract Review
- British MOD Afghan Relocation Data Leak Revealed After Superinjunction Ends
- Co-op Data Breach: 6.5 Million Members’ Details Stolen
Microsoft SharePoint Zero-Day Attacks Escalate Worldwide
Unpatched Vulnerability Targets On-Premises SharePoint Servers
A newly discovered zero-day vulnerability, officially tracked as CVE-2025-53771, is under active exploitation and causing widespread alarm among organizations running on-premises Microsoft SharePoint servers. The vulnerability lets attackers read private digital keys on SharePoint servers without authentication, giving them the means to plant malware and exfiltrate sensitive data stored in SharePoint file repositories.
Global Impact and Intrusion Scale
Threat actors are leveraging this flaw to breach thousands of small and medium-sized businesses, with confirmed intrusions at several U.S. federal agencies, universities, and energy sector entities. Security researchers have observed dozens of compromised servers, indicating both the scale and rapidity of these ongoing attacks. Exploited SharePoint instances act as gateways, potentially enabling lateral movement into interconnected applications such as Outlook, Teams, and OneDrive, vastly increasing the potential for further network compromise and data theft.
Hackers With Russian Government Ties Exploit the Flaw
Notably, repeated intrusions have been linked to hackers associated with the Russian government, intensifying concerns around the national security and operational risks for affected organizations.
Response and Interim Measures
Microsoft is urgently developing security fixes for all impacted SharePoint versions, including those dating back to SharePoint Server 2016. With no universal patch yet available, emergency guidance recommends organizations disconnect their SharePoint servers from the internet as a temporary measure to reduce exposure to attacks.
Urgent Patch Issued for SharePoint Remote Code Execution Flaw
Technical Details of CVE-2025-53770 and Exploit Chain
In response to confirmed attacks, Microsoft has released a critical security update for a remote code execution (RCE) vulnerability, CVE-2025-53770. The flaw, rated with a CVSS score of 9.8, is triggered by the deserialization of untrusted data in on-premise SharePoint Server environments. Attackers exploiting this flaw can execute arbitrary code with system-level privileges.
Spoofing Vulnerability and ToolShell Exploit Chain
Alongside the RCE issue, Microsoft disclosed a spoofing vulnerability (CVE-2025-53771) in which improper path validation could allow an authorized attacker to perform spoofing over the network. These two vulnerabilities are linked with two others (CVE-2025-49704 and CVE-2025-49706) to form the so-called ToolShell exploit chain. Chaining them yields full remote code execution and deep system compromise.
Mitigation Recommendations
Microsoft recommends applying the latest security patches without delay. For organizations unable to patch immediately, network isolation, that is, disconnecting vulnerable SharePoint servers from external internet connectivity, remains the primary short-term defense against exploitation.
US Military Cloud Security Gaps Spark Pentagon Contract Review
Investigation after Use of Foreign Engineers in Sensitive Projects
The US Department of Defense has initiated a comprehensive review of cloud contracts following revelations that Microsoft allowed Chinese engineers to work on highly sensitive military cloud systems. These arrangements occurred even as Pentagon policy prohibits foreign citizens from accessing classified or sensitive government data.
Security Risks and Oversight Issues
Under the oversight of cleared Americans labeled as “digital escorts,” foreign engineers provided technical assistance, but there were concerns that these escorts lacked the technical expertise to identify or mitigate nuanced security risks posed by their involvement. This configuration potentially exposed military data to unauthorized access or tampering.
Microsoft’s Response and Policy Revisions
Prompted by government scrutiny, Microsoft has revised its support structure, ensuring that no China-based engineering teams will assist US Department of Defense cloud or related services going forward. This response aims to preserve the integrity of sensitive national security data in accordance with federal regulations.
British MOD Afghan Relocation Data Leak Revealed After Superinjunction Ends
Massive Data Breach Remained Secret for Years
In February 2022, a British Ministry of Defence official inadvertently leaked personal data of nearly 19,000 Afghans who applied for relocation after the Taliban’s return to power. This breach included applicants’ names, contact details, and family information, raising acute risks of retribution by hostile actors.
Superinjunction and Delayed Disclosure
The breach was kept secret under a rare and strict superinjunction until July 2025, when it was finally revealed to the public. The delay prevented immediate protective measures for affected individuals while the government maintained secrecy around the incident.
Government Response
In response to the now-public revelation, the UK government has instituted a covert Afghan Relocation Route in an attempt to mitigate the potential harm and safely resettle at-risk individuals whose information was exposed.
Co-op Data Breach: 6.5 Million Members’ Details Stolen
Scope and Impact of the Attack
UK retailer Co-op confirmed a significant cyberattack in which data belonging to 6.5 million members was compromised. The breach, which occurred in April 2025, exposed personal information, but its full operational and individual impact is still under investigation.
Incident Context and Response
Co-op is actively working with cybersecurity professionals and law enforcement to investigate, contain, and remediate the breach. Customers have been notified, and additional security measures are being implemented across the relevant systems to prevent a recurrence.